author | Vadim Sukhomlinov <sukhomlinov@google.com> | 2021-08-30 18:13:38 -0700 |
---|---|---|
committer | Commit Bot <commit-bot@chromium.org> | 2021-08-31 18:37:18 +0000 |
commit | 50e3ce90b2f81075ed2e22a73ade0ed5cee35471 (patch) | |
tree | 60d5af298b0d00be3b41782075c6a51eba645435 /board/cr50/dcrypto/dcrypto.h | |
parent | 8ddc58e3ce801e2ce72e78fc28bf026436dc22b2 (diff) | |
download | chrome-ec-50e3ce90b2f81075ed2e22a73ade0ed5cee35471.tar.gz |
cr50: add pair-wise consistency test for ECDSA key generation.
FIPS requires pair-wise consistency test for asymmetric key generation
algorithms. For U2F we use only ECDSA P-256, so adding this step into
key generation function.
BUG=b:198219806
TEST=make BOARD=cr50 CRYPTO_TEST=1; test/tpm_test/tpmtest.py
This test covers U2F and TPM2 uses of ECDSA keygen.
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I520a233e700a68b19c863bad05271f97693b5ca9
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3131949
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Diffstat (limited to 'board/cr50/dcrypto/dcrypto.h')
-rw-r--r-- | board/cr50/dcrypto/dcrypto.h | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/board/cr50/dcrypto/dcrypto.h b/board/cr50/dcrypto/dcrypto.h index b94bbd7eb3..284aa5dd51 100644 --- a/board/cr50/dcrypto/dcrypto.h +++ b/board/cr50/dcrypto/dcrypto.h @@ -255,6 +255,16 @@ int DCRYPTO_p256_point_mul(p256_int *out_x, p256_int *out_y, const p256_int *n, int DCRYPTO_p256_key_from_bytes(p256_int *x, p256_int *y, p256_int *d, const uint8_t bytes[P256_NBYTES]); +/** + * Pair-wise consistency test for private and public key. + * + * @param d - private key (scalar) + * @param x - public key part + * @param y - public key part + * @return !0 on success + */ +int DCRYPTO_p256_key_pwct(p256_int *d, p256_int *x, p256_int *y); + /* P256 based integration encryption (DH+AES128+SHA256). * Not FIPS 140-2 compliant, not used other than for tests * Authenticated data may be provided, where the first auth_data_len |
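Review bot: The new DCRYPTO_p256_key_pwct declaration takes all three parameters as non-const `p256_int *`, while the neighbouring DCRYPTO_p256_point_mul already uses `const p256_int *n` for its input. If the test only reads the key pair, declare it as `int DCRYPTO_p256_key_pwct(const p256_int *d, const p256_int *x, const p256_int *y);` so callers can see from the header that key material is not modified. The doc comment would also benefit from saying which coordinate each of `x` and `y` carries (both read "public key part"), and from stating the failure return value explicitly instead of only "!0 on success", together with what the caller is expected to do with the generated key when the test fails.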